From b66a1f2a5513122951f350b86d358b2027f89311 Mon Sep 17 00:00:00 2001 From: Chris Date: Tue, 25 Dec 2018 11:34:43 +0100 Subject: [PATCH] added delete codes and fixed various bugs related to custom hashes --- README.md | 1 + api/upload.php | 16 +++- .../image/image.controller.php | 23 +---- content-controllers/text/text.controller.php | 15 +--- .../video/video.controller.php | 15 +--- inc/core.php | 86 ++++++++++++++++++- storage-controllers/altfolder.controller.php | 6 +- 7 files changed, 106 insertions(+), 56 deletions(-) diff --git a/README.md b/README.md index 2436068..76e33b2 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,7 @@ Table of contents ## Breaking changes - New API system. Only single file uploads now via /api/upload.php (POST var name is "file"). [read more..](/rtfm/API.md) +- Data directory changed from ```upload``` to ```data``` ## Status diff --git a/api/upload.php b/api/upload.php index 67dfc7f..a9d3e8b 100644 --- a/api/upload.php +++ b/api/upload.php @@ -28,9 +28,10 @@ if ($_FILES['file']["error"] == UPLOAD_ERR_OK) { //check for duplicates $sha1 = sha1_file($_FILES['file']["tmp_name"]); - $hash = sha1Exists($sha1); - if($hash) - exit(json_encode(array('status'=>'ok','hash'=>$hash,'url'=>URL.$hash))); + $ehash = sha1Exists($sha1); + if($ehash && file_exists(ROOT.DS.'data'.DS.$ehash.DS.$ehash)) + exit(json_encode(array('status'=>'ok','hash'=>$ehash,'url'=>URL.$ehash))); + //get the file type $type = getTypeOfFile($_FILES['file']["tmp_name"]); @@ -56,11 +57,18 @@ if ($_FILES['file']["error"] == UPLOAD_ERR_OK) if(!$answer) $answer = array('status'=>'err','reason'=>'Unsupported filetype'); - if($answer['hash']) + if($answer['hash'] && $answer['status']=='ok') { //add this sha1 to the list addSha1($answer['hash'],$sha1); + if(getDeleteCodeOfHash($answer['hash'])) + { + $answer['delete_code'] = getDeleteCodeOfHash($answer['hash']); + $answer['delete_url'] = URL.'delete_'.getDeleteCodeOfHash($answer['hash']).'/'.$answer['hash']; + } + + // Lets' check all storage controllers and tell them that a new file was uploaded $sc = getStorageControllers(); foreach($sc as $contr) diff --git a/content-controllers/image/image.controller.php b/content-controllers/image/image.controller.php index cbec611..2ea0b0c 100644 --- a/content-controllers/image/image.controller.php +++ b/content-controllers/image/image.controller.php @@ -28,8 +28,6 @@ class ImageController implements ContentController $res = imagecreatefromjpeg($tmpfile); imagejpeg($res, $tmpfile, (defined('JPEG_COMPRESSION')?JPEG_COMPRESSION:90)); $ext = 'jpg'; - - $newsha1 = sha1_file($tmpfile); break; default: @@ -42,26 +40,13 @@ class ImageController implements ContentController } else { - $hash.='.'.$ext; + if(!endswith($hash,'.'.$ext)) + $hash.='.'.$ext; if(isExistingHash($hash)) - return array('status'=>'err','reason'=>'Custom hash already exists'); + return array('status'=>'err','hash'=>$hash,'reason'=>'Custom hash already exists'); } - if($newsha1) - addSha1($hash,$newsha1); - - mkdir(ROOT.DS.'data'.DS.$hash); - $file = ROOT.DS.'data'.DS.$hash.DS.$hash; - - copy($tmpfile, $file); - unlink($tmpfile); - - if(defined('LOG_UPLOADER') && LOG_UPLOADER) - { - $fh = fopen(ROOT.DS.'data'.DS.'uploads.txt', 'a'); - fwrite($fh, time().';'.$url.';'.$hash.';'.getUserIP()."\n"); - fclose($fh); - } + storeFile($tmpfile,$hash,true); return array('status'=>'ok','hash'=>$hash,'url'=>URL.$hash); } diff --git a/content-controllers/text/text.controller.php b/content-controllers/text/text.controller.php index 8aba91b..7567d10 100644 --- a/content-controllers/text/text.controller.php +++ b/content-controllers/text/text.controller.php @@ -43,21 +43,10 @@ class TextController implements ContentController if(!endswith($hash,'.txt')) $hash.='.txt'; if(isExistingHash($hash)) - return array('status'=>'err','reason'=>'Custom hash already exists'); + return array('status'=>'err','hash'=>$hash,'reason'=>'Custom hash already exists'); } - mkdir(ROOT.DS.'data'.DS.$hash); - $file = ROOT.DS.'data'.DS.$hash.DS.$hash; - - copy($tmpfile, $file); - unlink($tmpfile); - - if(defined('LOG_UPLOADER') && LOG_UPLOADER) - { - $fh = fopen(ROOT.DS.'data'.DS.'uploads.txt', 'a'); - fwrite($fh, time().';'.$url.';'.$hash.';'.getUserIP()."\n"); - fclose($fh); - } + storeFile($tmpfile,$hash,true); return array('status'=>'ok','hash'=>$hash,'url'=>URL.$hash); } diff --git a/content-controllers/video/video.controller.php b/content-controllers/video/video.controller.php index 4b0d4a4..3555c23 100644 --- a/content-controllers/video/video.controller.php +++ b/content-controllers/video/video.controller.php @@ -69,24 +69,13 @@ class VideoController implements ContentController { $hash.='.mp4'; if(isExistingHash($hash)) - return array('status'=>'err','reason'=>'Custom hash already exists'); + return array('status'=>'err','hash'=>$hash,'reason'=>'Custom hash already exists'); } - mkdir(ROOT.DS.'data'.DS.$hash); - $file = ROOT.DS.'data'.DS.$hash.DS.$hash; - - copy($tmpfile, $file); - unlink($tmpfile); + storeFile($tmpfile,$hash,true); if(!$this->rightEncodedMP4($file)) system("nohup php ".ROOT.DS.'tools'.DS.'re-encode_mp4.php force '.$hash." > /dev/null 2> /dev/null &"); - - if(defined('LOG_UPLOADER') && LOG_UPLOADER) - { - $fh = fopen(ROOT.DS.'data'.DS.'uploads.txt', 'a'); - fwrite($fh, time().';'.$url.';'.$hash.';'.getUserIP()."\n"); - fclose($fh); - } return array('status'=>'ok','hash'=>$hash,'url'=>URL.$hash); } diff --git a/inc/core.php b/inc/core.php index 7859512..5a6aa4b 100644 --- a/inc/core.php +++ b/inc/core.php @@ -37,6 +37,7 @@ function architect($url) $hash = $el; break; } + // if we don't have a hash yet but the element looks like it could be a hash if($hash === false && mightBeAHash($el)) { if(!$sc) @@ -48,7 +49,7 @@ function architect($url) { $c->pullFile($el); $hash = $el; - break; + break; // we brake here because we already have the file. no need to check other storage controllers } } } @@ -62,7 +63,25 @@ function architect($url) } else { - //ok we have a valid hash. Now let's check the extension to find out which controller will be handling this request + //ok we have a valid hash. + + //is the user requesting this file to be deleted? + foreach($u as $el) + { + if(startsWith($el,'delete_')) + { + $code = substr($el,7); + //@todo: allow MASTER_DELETE_IP to be CIDR range or coma separated + if(getDeleteCodeOfHash($hash)==$code || (defined('MASTER_DELETE_CODE') && MASTER_DELETE_CODE==$code ) || (defined('MASTER_DELETE_IP') && MASTER_DELETE_IP==getUserIP()) ) + { + deleteHash($hash); + exit($hash.' deleted successfully'); + } + } + } + + + //Now let's check the extension to find out which controller will be handling this request $extension = pathinfo($hash, PATHINFO_EXTENSION); @@ -384,4 +403,67 @@ function getStorageControllers() } return $controllers; +} + +function rrmdir($dir) { + if (is_dir($dir)) { + $objects = scandir($dir); + foreach ($objects as $object) { + if ($object != "." && $object != "..") { + if (is_dir($dir."/".$object)) + rrmdir($dir."/".$object); + else + unlink($dir."/".$object); + } + } + rmdir($dir); + } + } + +function storeFile($srcfile,$hash,$deleteoriginal=false) +{ + if(is_dir(ROOT.DS.'data'.DS.$hash) && file_exists(ROOT.DS.'data'.DS.$hash.DS.$hash)) return; + mkdir(ROOT.DS.'data'.DS.$hash); + $file = ROOT.DS.'data'.DS.$hash.DS.$hash; + + copy($srcfile, $file); + if($deleteoriginal===true) + unlink($srcfile); + + addSha1($hash,sha1_file($file)); + + //creating a delete code + $deletecode = getRandomString(32); + $fh = fopen(ROOT.DS.'data'.DS.$hash.DS.'deletecode', 'w'); + fwrite($fh, $deletecode); + fclose($fh); + + if(defined('LOG_UPLOADER') && LOG_UPLOADER) + { + $fh = fopen(ROOT.DS.'data'.DS.'uploads.txt', 'a'); + fwrite($fh, time().';'.$url.';'.$hash.';'.getUserIP()."\n"); + fclose($fh); + } +} + +function getDeleteCodeOfHash($hash) +{ + return file_get_contents(ROOT.DS.'data'.DS.$hash.DS.'deletecode'); +} + +function deleteHash($hash) +{ + //delete all local images + rrmdir(ROOT.DS.'data'.DS.$hash); + + //tell every storage controller to delete theirs as well + $sc = getStorageControllers(); + foreach($sc as $contr) + { + $c = new $contr(); + if($c->isEnabled()===true && $c->hashExists($el)) + { + $c->deleteFile($el); + } + } } \ No newline at end of file diff --git a/storage-controllers/altfolder.controller.php b/storage-controllers/altfolder.controller.php index 1be5c06..722ede6 100644 --- a/storage-controllers/altfolder.controller.php +++ b/storage-controllers/altfolder.controller.php @@ -18,11 +18,7 @@ class AltfolderStorage implements StorageController $altname=ALT_FOLDER.DS.$hash; if(file_exists($altname)) { - mkdir(ROOT.DS.'data'.DS.$hash); - copy($altname,ROOT.DS.'data'.DS.$hash.DS.$hash); - - //and don't forget to add it to the duplicate detection system - addSha1($hash,sha1_file($altname)); + storeFile($altname,$hash,false); } }